Here is the 2015 mid semester exam.

= COMP9/3441 Midsemester Exam : 2015s2 =

== Total number of marks: 50 ==
== Total duration: 60 minutes ==
There are two marks for following the examination instructions.
Your answers can be submitted by pressing save on this application.
You may submit your solutions as many times as you like. The last
submission ONLY will be marked.
Write your name on the top of each sheet of rough working paper you
use, this will not be marked, and write your answers in the computer
files as directed in the exam instructions.
You must hand in ALL writing paper at the end of the exam.
Once the exam has commenced you may not leave the exam.
You may only use the viewer, GUI calculator, and egrep. Other
programmes including scripting or interpreted languages may not be
used. We are logging all activity and use of other software etc will
result in 0 fail. If you are unsure ask the supervisor.
The use of Malachite or social engineering is prohibited. Strict exam
conditions apply, including that you may not attempt to communicate
with any other person, or access other computers or external data or
any internet resources.
If you do not follow these instructions you will get zero marks for
the exam and a possible charge of academic misconduct.
Phones must be turned off and not visible, either left outside the
room in your bag or sealed in an opaque bag placed under your seat.
==== Part A ====
This part is worth 24 marks and consists of 12 two mark questions.
Answer all questions.
=== Question 0 ===
(2 Marks)
Which of the below best describes the concept of a NONCE?
.[A]
.[B]
.[C]
.[D]
.[E]

A key which is only guessable by brute force

A number which is not used again
A random number or phrase
A salt value for a hash
An idiot

=== Question 1 ===

(2 Marks)
A canary is designed to protect against which sort of vulnerability?
.[A] Overflow into return address
.[B] Format string vulnerability
.[C] Buffer overflow on heap
.[D] Integer overflow
.[E] All of the above
=== Question 2 ===
(2 Marks)
A MAC is designed to provide
.[A] Neither Confidentiality nor Integrity
.[B] Integrity but not Confidentiality
.[C] Confidentiality but not Integrity
.[D] Confidentiality and Integrity
.[E] An expensive laptop

=== Question 3 ===

(2 Marks)
A MAC is designed to provide
.[A] Neither Non-Repudiation nor Authentication
.[B] Authentication but not Non-Repudiation
.[C] Non-Repudiation but not Authentication
.[D] Non-Repudiation and Authentication
.[E] It's not this one
=== Question 4 ===
(2 Marks)
Remember you are to select the alternative which BEST answers the
following question.
The hash of (a message appended to the end of a shared secret) is NOT
vulnerable to a length extension attack if
.[A] MD5 is used to perform the hashing
.[B] SHA3 is used to perform the hashing
.[C] SHA1 is used to perform the hashing
.[D] ANY cryptographic hash function is used
.[E] NEVER. Such a hash WILL be vulnerable to a length extension
attack regardless of which currently known cryptographic hash
function is used.
=== Question 5 ===
(2 Marks)
What is a CRYPTOGRAPHIC random number generator (RNG)?
.[A] A RNG which uses a key
.[B] A RNG whose past outputs do not help you predict the next output
.[C] A RNG whose internal state has at least as many bits as the key
space
.[D] A truly random RNG which uses genuine entropy rather than being
pseudo random
.[E] A RNG whose outputs are indistinguishable from the output of a
collision resistant cryptographic hash function.
=== Question 6 ===
(2 Marks)
Which one of the following letters is not one of the six letters most
commonly appearing in written English?
.[A] T
.[B] S
.[C] O
.[D] N
.[E] I
.[E] A
=== Question 7 ===
(2 Marks)
If all of the 100 agents in a system needed to be able to speak with
each other confidentially using a symmetric cipher how many distinct
keys would be needed?
_____
=== Question 8 ===
(2 Marks)
On average how many hash computations would be required to perform a
successful birthday attack on a 16 bit hash?
[Give your answer as the nearest power of two to the number you
believe is the correct value. So if you thought the correct value was
42 you would enter 32 as your answer since that is closer to 42 than
64 is.]
_____

=== Question 9 ===

(2 Marks)
You are going to use a system based on Merkle Puzzles to allow other
people to communicate with you securely even if you have never met or
shared a secret before.
You encode 100,000 messages each using a different 48 bit key.
If someone has a machine capable of encrypting a message in 1
billionth of a second, roughly how many seconds will it take them to
select a key to use to communicate with you on averge? (give your
answer to the nearest power of 2)
_____
=== Question 10 ===
(2 Marks)
You are going to use a system based on Merkle Puzzles to allow other
people to communicate with you securely even if you have never met or
shared a secret before.
You encode 100,000 messages each using a different 48 bit key.
If someone has a machine capable of encrypting a message in 1
billionth of a second, roughly how many seconds will it take them to
discover the key someone else is using to communicate with you on
average?
(give your answer to the nearest power of 2)
_____
=== Question 11 ===
(2 Marks)
Alice and Bob are using the Diffie-Hellman algorithm to generate a
common shared secret. They pick prime 11, and a generator of 2. Alice
privately selects 9 and Bob privately selects 4. What is their shared
secret?
_____
==== Part B ====
This part is worth 24 Marks. Each correct answer is worth 3 marks to
a maximum of 24 marks overall. So you only need to get 8 correct to
get full marks.
=== Question 12 ===
Using only egrep (or grep -e) and the supplied words.txt file decode
some of the plaintext letters which have been encoded with a monoalphabetic substitution cipher in the printed code crossword you have
been given. All the words in the crossword are in words.txt
(supplied).
Don't use scripting languages (and know that all activity is logged).
Recall that to find all words starting with "eopa" (ignoring case) as
the 2nd
3rd 4th and 5th characters execute:
{{{
$ egrep -i "^.eopa" words.txt
jeopardise
...
}}}
and to specify the exact word length use ^ and $. For example to find
all 8 letter words matching this pattern .ero..o. (ignoring case)
execute:
{{{
$ egrep -i "^.ero..o.$" words.txt
Aeroflot
ZeroCool
}}}

Note if the end of line character is counted by grep you may need to
put an extra dot . before the dollar sign.
Assume that you have already discovered that (as shown in the answers
below):
{{{
T is 12
O is 2
R is 15
}}}
Enter the corresponding code number BELOW each plaintext letter:
A ____
B ____
C ____
D ____
E ____
F ____
G ____
H ____
I ____
J ____
K ____
L ____
M ____
N ____
O
2
P ____
Q ____
R
15
S ____
T
12
U ____
V ____
W ____
X ____
Y ____
Z ____